CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.129

EPSS Ranking 93.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://us2.php.net/releases/4_4_7.php
http://www.osvdb.org/32774
http://www.php-security.org/MOPB/MOPB-08-2007.html
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://us2.php.net/releases/4_4_7.php
http://www.osvdb.org/32774
http://www.php-security.org/MOPB/MOPB-08-2007.html
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732

Products affected by CVE-2007-1287

Php » Php » Version: 4.4.4

cpe:2.3:a:php:php:4.4.4
Php » Php » Version: 4.4.5

cpe:2.3:a:php:php:4.4.5
Php » Php » Version: 4.4.6

cpe:2.3:a:php:php:4.4.6
Php » Php » Version: 6.0

cpe:2.3:a:php:php:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1287

Products

Pricing

Contact Us